Security software firm Malwarebytes has just exposed what could be the first known case of Mac malware of 2017.

It appears to be a highly antiquated piece of malware. In other
words, it is not especially advanced, and the methods it uses to infect
machines are so well known that only a small number of unsuspecting users
would fall victim to it.

Malwarebytes points out that Fruitfly is detected as
“OSX.Backdoor.Quimitchin,” and that it uses code which actually predates OS
X itself. The report adds that some of the code shows signs that it could
also run on Linux. The malware was first discovered by an IT
administrator who noticed an unusual amount of outgoing
network activity from a specific Mac.

“Another clue, of course, is the age of some of the code,
which could potentially suggest that this malware goes back decades.
However, we shouldn’t take the age of the code as too strong an
indication of the age of the malware. This could also signify that the
hackers behind it really don’t know the Mac very well and were relying
on old documentation. It could also be that they’re using old system
calls to avoid triggering any kind of behavioral detections that might
be expecting more recent code.

“Ironically, despite the age and sophistication of this malware, it
uses the same old unsophisticated technique for persistence that so many
other pieces of Mac malware do: a hidden file and a launch agent. This
makes it easy to spot, given any reason to look at the infected machine
closely (such as unusual network traffic). It also makes it easy to
detect and easy to remove.”
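The persistence technique the quote describes (a launch agent whose job is to run a hidden file) is the kind of thing a defender can triage with a short script. The following is an added example, not code from the Malwarebytes report or from the malware analysis: it parses launchd property lists and flags any agent whose `Program` or `ProgramArguments[0]` path contains a dot-prefixed (hidden) component. The agent names and paths in the sample data are constructed for the demonstration and are not indicators from the report.

```python
"""Flag launchd agents whose program path points at a hidden file.

Added example (not from the Malwarebytes report). On macOS, per-user launch
agents live in ~/Library/LaunchAgents/*.plist and name the executable either
in the "Program" key or as ProgramArguments[0]. A dot-prefixed path component
is a cheap triage signal for the "hidden file + launch agent" pattern.
"""
import os
import plistlib
import tempfile
from pathlib import Path
from typing import Dict, List, Optional, Tuple
from xml.parsers.expat import ExpatError


def referenced_program(plist: dict) -> Optional[str]:
    """Return the executable path a launchd plist would run, or None."""
    prog = plist.get("Program")
    if isinstance(prog, str) and prog:
        return prog
    args = plist.get("ProgramArguments")
    if isinstance(args, list) and args and isinstance(args[0], str):
        return args[0]
    return None


def is_hidden_path(path: str) -> bool:
    """True if any path component (other than '.' and '..') starts with a dot."""
    return any(p.startswith(".") and p not in (".", "..") for p in Path(path).parts)


def scan_launch_agents(directory: str) -> List[Tuple[str, str]]:
    """Return (plist filename, program path) for agents that run hidden files.

    Plists that fail to parse are skipped so one corrupt file cannot abort
    the whole scan.
    """
    findings: List[Tuple[str, str]] = []
    for entry in sorted(Path(directory).glob("*.plist")):
        try:
            with entry.open("rb") as fh:
                plist = plistlib.load(fh)
        except (plistlib.InvalidFileException, ExpatError, ValueError, OSError):
            continue
        prog = referenced_program(plist)
        if prog and is_hidden_path(prog):
            findings.append((entry.name, prog))
    return findings


# Constructed sample agents: hypothetical labels and paths, not real IoCs.
SAMPLE_AGENTS: Dict[str, dict] = {
    "com.example.updater.plist": {
        "Label": "com.example.updater",
        "ProgramArguments": ["/Users/alice/.config/.hidden_helper", "-d"],
        "RunAtLoad": True,
    },
    "com.example.legit.plist": {
        "Label": "com.example.legit",
        "ProgramArguments": ["/Applications/Legit.app/Contents/MacOS/helper"],
    },
    "com.example.prog.plist": {
        "Label": "com.example.prog",
        "Program": "/Users/alice/Library/.client",
    },
}


def demo() -> List[Tuple[str, str]]:
    """Write the constructed agents to a temp dir, add a corrupt plist, scan."""
    with tempfile.TemporaryDirectory() as tmp:
        for name, content in SAMPLE_AGENTS.items():
            with open(os.path.join(tmp, name), "wb") as fh:
                plistlib.dump(content, fh)
        with open(os.path.join(tmp, "broken.plist"), "wb") as fh:
            fh.write(b"not a plist")  # must be skipped, not crash the scan
        return scan_launch_agents(tmp)


if __name__ == "__main__":
    for plist_name, prog in demo():
        print(f"{plist_name}: runs hidden path {prog}")
```

On a real Mac the same `scan_launch_agents` call can be pointed at `~/Library/LaunchAgents`, `/Library/LaunchAgents` and `/Library/LaunchDaemons`; a hit is a reason to look closer, not proof of compromise, since some legitimate software also installs into dot-directories.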

The experts who reverse engineered the malware
found comments that suggest it has been in circulation for
quite some time, at least since OS X Yosemite (launched in 2014). The
reason it may have gone unnoticed for so long is that it
targeted a very small number of machines. Had it been present on
more machines, it would likely have been noticed and reported much sooner.

It’s very unlikely that your Mac at home has been infected with this malware, which is being dubbed OSX.Backdoor.Quimitchin,
after the Aztec spies known for infiltrating other
tribes for information. Nevertheless, that’s not to say that other
malware couldn’t infect your machine, so you should always be wary of
what you download.